| @@ -276,14 +276,24 class ApplicationController < ActionController::Base | |||||
| 276 | self.model_object = model |
|
276 | self.model_object = model | |
| 277 | end |
|
277 | end | |
| 278 |
|
278 | |||
| 279 | # Filter for bulk issue operations |
|
279 | # Find the issue whose id is the :id parameter | |
|
|
280 | # Raises a Unauthorized exception if the issue is not visible | |||
|
|
281 | def find_issue | |||
|
|
282 | # Issue.visible.find(...) can not be used to redirect user to the login form | |||
|
|
283 | # if the issue actually exists but requires authentication | |||
|
|
284 | @issue = Issue.find(params[:id]) | |||
|
|
285 | raise Unauthorized unless @issue.visible? | |||
|
|
286 | @project = @issue.project | |||
|
|
287 | rescue ActiveRecord::RecordNotFound | |||
|
|
288 | render_404 | |||
|
|
289 | end | |||
|
|
290 | ||||
|
|
291 | # Find issues with a single :id param or :ids array param | |||
|
|
292 | # Raises a Unauthorized exception if one of the issues is not visible | |||
| 280 | def find_issues |
|
293 | def find_issues | |
| 281 | @issues = Issue.find_all_by_id(params[:id] || params[:ids]) |
|
294 | @issues = Issue.find_all_by_id(params[:id] || params[:ids]) | |
| 282 | raise ActiveRecord::RecordNotFound if @issues.empty? |
|
295 | raise ActiveRecord::RecordNotFound if @issues.empty? | |
| 283 | if @issues.detect {|issue| !issue.visible?} |
|
296 | raise Unauthorized if @issues.all?(&:visible?) | |
| 284 | deny_access |
|
|||
| 285 | return |
|
|||
| 286 | end |
|
|||
| 287 | @projects = @issues.collect(&:project).compact.uniq |
|
297 | @projects = @issues.collect(&:project).compact.uniq | |
| 288 | @project = @projects.first if @projects.size == 1 |
|
298 | @project = @projects.first if @projects.size == 1 | |
| 289 | rescue ActiveRecord::RecordNotFound |
|
299 | rescue ActiveRecord::RecordNotFound | |
| @@ -313,19 +313,7 class IssuesController < ApplicationController | |||||
| 313 | end |
|
313 | end | |
| 314 | end |
|
314 | end | |
| 315 |
|
315 | |||
| 316 | private |
|
316 | private | |
| 317 | def find_issue |
|
|||
| 318 | # Issue.visible.find(...) can not be used to redirect user to the login form |
|
|||
| 319 | # if the issue actually exists but requires authentication |
|
|||
| 320 | @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category]) |
|
|||
| 321 | unless @issue.visible? |
|
|||
| 322 | deny_access |
|
|||
| 323 | return |
|
|||
| 324 | end |
|
|||
| 325 | @project = @issue.project |
|
|||
| 326 | rescue ActiveRecord::RecordNotFound |
|
|||
| 327 | render_404 |
|
|||
| 328 | end |
|
|||
| 329 |
|
317 | |||
| 330 | def find_project |
|
318 | def find_project | |
| 331 | project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id]) |
|
319 | project_id = params[:project_id] || (params[:issue] && params[:issue][:project_id]) | |
| @@ -102,12 +102,4 class JournalsController < ApplicationController | |||||
| 102 | rescue ActiveRecord::RecordNotFound |
|
102 | rescue ActiveRecord::RecordNotFound | |
| 103 | render_404 |
|
103 | render_404 | |
| 104 | end |
|
104 | end | |
| 105 |
|
||||
| 106 | # TODO: duplicated in IssuesController |
|
|||
| 107 | def find_issue |
|
|||
| 108 | @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category]) |
|
|||
| 109 | @project = @issue.project |
|
|||
| 110 | rescue ActiveRecord::RecordNotFound |
|
|||
| 111 | render_404 |
|
|||
| 112 | end |
|
|||
| 113 | end |
|
105 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now